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CLAIMS 

What is claimed is: 

1 1 . A method comprising: 

2 determining a result based upon a network path of a received packet; 

3 identifying, from a plurality of bins, at least one bin corresponding to the result, each of 

4 the plurality of bins including a number of sets of fields; and 

5 searching the at least one corresponding bin to identify a set of fields matching the 

6 packet. 

1 2. The method of claim 1, further comprising: 

2 identifying an action associated with the set of matching fields; and 

3 applying the action to the packet. 

1 3 . The method of claim 1 , wherein the set of matching fields includes a 

2 transport level field. 

1 4. The method of claim 1 , wherein determining the result comprises 

2 identifying a single most specific filter matching the packet. 

1 5. The method of claim 4, wherein the network path of the packet is 

2 expressed as a source address and a destination address. 
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1 6. The method of claim 5, wherein identifying the single most specific 

2 matching filter comprises: 

3 performing a look-up in a first data structure to find an entry matching the source address 

4 of the packet; and 

5 performing a look-up in a second data structure to find an entry matching the destination 

6 address of the packet. 

1 7. A method comprising: 

2 receiving a packet, the packet having a header including a source address, a destination 

3 address, and a number of other fields; 

4 identifying, from a number of entries in a data structure, an entry having a source address 

5 prefix matching the source address of the packet, the matching entry including a 

6 first identifier; 

7 identifying, from a number of entries in another data structure, an entry having a 

8 destination address prefix matching the destination address of the packet, the 

9 matching entry including a second identifier; 

10 identifying, from a number of bins, a bin corresponding to the first and second identifiers, 

1 1 the corresponding bin including a number of sets of transport level fields; and 

12 comparing at least one of the other fields of the packet header with each set of transport 

13 level fields in the corresponding bin to find a matching set of transport level 

14 fields. 



-52- 



Attorney Docket No. 42P 1 6527 
Express Mail No. EV3255269 1 8US 

1 8. The method of claim 7, further comprising applying to the received packet 

2 an action associated with the matching set of transport level fields. 

1 9. The method of claim 7, wherein the number of other fields in the packet 

2 header includes at least one of a protocol, a source port, and a destination port. 

1 10. The method of claim 9, wherein the source address of the packet header 

2 comprises a source IP (Internet Protocol) address and the destination address of the 

3 packet header comprises a destination IP address. 
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1 1 1 . A method comprising: 

2 receiving a packet, the packet having a header including a source address, a destination 

3 address, and a number of transport level fields; 

4 searching a source address data structure to find a first index and a third index, the first 

5 index associated with a fully specified filter having a source prefix matching the 

6 source address of the packet, the third index associated with a partially specified 

7 filter having a source prefix matching the source address of the packet; 

8 searching a destination address data structure to find a second index and a fourth index, 

9 the second index associated with a fully specified filter having a. destination prefix 

10 matching the destination address of the packet, the fourth index associated with a 

1 1 partially specified filter having a destination prefix matching the destination 

1 2 address of the packet; 

13 forming a key from the first and second indexes; 

14 searching a primary table for an entry matching the key, the primary table including a 

15 number of entries, each entry corresponding to one of a fully specified filter, a 

16 fully specified filter intersection, and an indicator filter; and 

17 if a matching entry is found in the primary table, accessing a list of bin pointers 

18 associated with the matching entry, each bin pointer of the list identifying a bin 

19 containing a number of sets of transport level fields. 
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1 12. The method of claim 1 1 , further comprising: 

2 accessing one of the bins identified by one of the bin pointers in the matching entry of the 

3 primary table; 

4 comparing the transport level fields of the packet with each set of transport level fields in 

5 the accessed bin; and 

6 if the accessed bin has a set of transport level fields matching the transport level fields of 

7 the packet, applying an action associated with the matching set of transport level 

8 fields to the received packet. 

1 13. The method of claim 11, further comprising: 

2 searching a first of two secondary tables for an entry matching the third index, the first 

3 secondary table including a number of entries, each entry corresponding to a 

4 partially specified filter; 

5 searching a second of the two secondary tables for an entry matching the fourth index, the 

6 second secondary table including a number of entries, each entry corresponding to 

7 a partially specified filter; and 

8 if no match is found in the primary table and a matching entry is found in one of the two 

9 secondary tables, accessing a list of bin pointers associated with the matching 

10 entry, each bin pointer of the list identifying a bin containing a number of sets of 

11 transport level fields. 
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1 14. The method of claim 13, further comprising: 

2 accessing one of the bins identified by one of the bin pointers in the matching entry of the 

3 one secondary table; 

4 comparing the transport level fields of the packet with each set of transport level fields in 

5 the accessed bin; and 

6 if the accessed bin has a set of transport level fields matching the transport level fields of 

7 the packet, applying an action associated with the matching set of transport level 

8 fields to the received packet. 

1 15. The method of claim 13, further comprising: 

2 if no match is found in either of the secondary tables, accessing a list of bin pointers 

3 associated with a default entry, each bin pointer of the list identifying a bin 

4 containing a number of sets of transport level fields. 

1 16. The method of claim 15, wherein the default entry corresponds to an entire 



2 ' two-dimensional address space. 
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1 17. The method of claim 1 1 , further comprising 

2 searching the source address data structure to find a fifth index associated with a wide 

3 filter having a source prefix matching the source address of the packet; 

4 searching the destination address data structure to find a sixth index associated with a 

5 wide filter having a destination prefix matching the destination address of the 

6 packet; 

7 forming a second key from the fifth and sixth indexes; 

8 searching a wide filter table for an entry matching the second key, the wide filter table 

9 including a number of entries, each entry corresponding to a wide filter; and 

10 if no match is found in the primary table and a matching entry is found in the wide filter 

1 1 table, accessing a list of bin pointers associated with the matching entry in the 

12 wide filter table, each bin pointer of the list identifying a bin containing a number 

13 of sets of transport level fields. 

1 18. The method of claim 17, further comprising: 

2 accessing one of the bins identified by one of the bin pointers in the matching entry of the 

3 wide filter table; 

4 comparing the transport level fields of the packet with each set of transport level fields in 

5 the accessed bin; and 

6 if the accessed bin has a set of transport level fields matching the transport level fields of 

7 the packet, applying an action associated with the matching set of transport level 

8 fields to the received packet. 
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1 1 9. The method of claim 1 7, wherein each wide filter contained in the wide 

2 filter table comprises a fully specified filter having a number of indicator filters 

3 exceeding.a specified threshold. 

1 20. The method of claim 1 1, wherein the number of transport level fields in 

2 the received packet comprises at least one of a source port, a destination port, and a 

3 protocol. 

1 21. A method comprising: 

2 grouping a plurality of rules of a packet classification database into a number of rule sets, 

3 each rule set including rules having a source and destination address pair, each 

4 rule set associated with a filter corresponding to the source and destination 

5 address pair; 

6 associating a small bin with each of the filters, each small bin including a group of a 

7 • number of sets of transport level fields, each set of transport level fields in the 

8 group associated with one of the rules in the associated rule set. 

1 22. The method of claim 2 1 , wherein at least two of the filters are associated 

2 with a same small bin. 
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1 23 . The method of claim 2 1 , further comprising identifying a number of filter 

2 intersections, each filter intersection corresponding to an intersection of at least two of 

3 the filters. 

1 24. The method of claim 23, further comprising associating a large bin with/ 

2 each of the filter intersections, the large bin of each filter intersection comprising a union 

3 of the small bins associated with each of the at least two filters of the intersection. 

1 25. The method of claim 24, further comprising identifying a number of 

2 indicator filters, each indicator filter formed from a source address of one of the filters 

3 and the destination address of another of the filters. 

1 26. The method of claim 25, wherein the filters associated with the 

2 classification database includes fully specified filters, partially specified filters extending 

3 an entire source address space, and partially specified filter extending an entire 

4 destination address space. 
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1 27. The method of claim 26, further comprising: 

2 creating a primary table including a number of entries, each entry of the primary table 

3 associated with one of the fully specified filters, one of the filter intersections, or 

4 one of the indicator filters, each entry of the primary table including a key and at 

5 least one pointer to the small bin associated with the corresponding filter of that 

6 entry; 

7 creating a first secondary table including a number of entries, each entry of the first 

8 secondary table associated with one of the partially specified filters having a 

9 source address extending the entire source address space, each entry of the first 

10 secondary table including a key and a pointer to the small bin associated with the 

1 1 corresponding filter of that entry; and 

12 creating a second secondary table including a number of entries, each entry of the second 

1 3 secondary table associated with one of the partially specified filters having a 

14 destination address extending the entire destination address space, each entry of 

15 the second secondary table including a key and a pointer to the small bin 

1 6 associated with the corresponding filter of that entry. 

1 28. The method of claim 27, wherein the at least one pointer in one entry of 

2 the primary table identifies a large bin associated with a corresponding filter intersection 

3 of that entry. 
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1 29. The method of claim 27, wherein the primary table includes a subset of 

2 the number of indicator filters. 

1 30. The method of claim 27, wherein the filters associated with the 

2 classification database further includes wide filters. 

1 31. The method of claim 30, further comprising creating a wide filter table 

2 including a number of entries, each entry of the wide filter table associated with one of 

3 the wide filters, each entry of the wide filter table including a key and a pointer to the 

4 small bin associated with the corresponding filter of that entry. 

1 32. The method of claim 21, further comprising: 

2 creating a source address data structure, the source address data structure including a 

3 number of entries, each of the entries including a source prefix corresponding to 

4 one of the filters; and 

5 creating a destination address data structure, the destination address data structure 

6 including a number of entries, each of the entries including a destination prefix 

7 corresponding to one of the filters. 
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1 33. A data structure comprising: 

2 a plurality of filters, each filter including a source address prefix and a destination 

3 address prefix; and 

4 a plurality of bins, each bin comprising a number of triplets, each triplet including at least 

5 one transport level field, an action, and a priority; 

6 wherein each of the plurality of filters is associated with at least one of the bins. 



1 34. The data structure of claim 33, wherein one of the bins is associated with 

2 at least two of the filters. 

1 35. The data structure of claim 33, wherein the source address prefix 

2 comprises a source IP (Internet Protocol) address prefix and the destination address prefix 

3 comprises a destination EP address prefix. 

1 36. The data structure of claim 33, wherein the at least one transport level 

2 field comprises one of a protocol, a source port, and a destination port. 

1 37. The data structure of claim 33 , wherein each of at least some of the bins 

2 comprises a small bin. 
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1 38. The data structure of claim 37, wherein at least one of the bins comprises a 

2 large bin, the large bin comprising a union of the small bins associated with a filter 

3 intersection. 

1 39. A data structure comprising: 

2 a source address data structure, the source address data structure including a number of 

3 entries, each of the entries having a source prefix, a filter type, and an index; 

4 a destination address data structure, the destination address data structure including a 

5 number of entries, each of the entries having a destination prefix, a filter type, and 

6 an index; 

7 a primary table, the primary table including a number of entries, each of the entries 

8 having a key and at least one bin pointer, wherein each of the entries is associated 

9 with one of a fully specified filter, a fully specified filter intersection, and an 

10 indicator filter; and 

1 1 two secondary tables, each of the secondary tables including a number of entries, each of 

12 the entries having a key and at least one bin pointer, wherein each entry of each of 

13 , the two secondary tables is associated with a partially specified filter. 
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1 40. The data structure of claim 39, wherein one of the secondary tables is 

2 associated with partially specified filters having a source address expanding an entire 

3 source address space, and the other of the two secondary tables is associated with 

4 partially specified filters having a destination address expanding an entire destination 

5 address space. 

1 41 . The . data structure of claim 39, wherein the filter type in each of the source 

2 address and destination address look-up tables indicates one of a fully specified filter and 

3 a partially specified filter. 

1 42. The data structure of claim 39, further comprising a wide filter table, the 

2 wide filter table including a number of entries, each of the entries having a key and at 

3 least one bin pointer, wherein each entry of the wide filter table is associated with a wide 

4 filter. 

1 43. The data structure of claim 42, wherein the filter type in each of the source 

2 address and destination address look-up tables indicates one of a fully specified filter, a 

3 partially specified filter, and a wide filter. 
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1 44. The data structure of claim 39, wherein each of the bin pointers in the 

2 entries of the primary and secondary tables identifies one of a plurality of bins of a 

3 second data structure, each bin including a number of triplets, each triplet having at least 

4 one transport level field, an action, and a priority 

1 45. The data structure of claim 44, wherein each source address prefix in the 

2 source address data structure comprises a source IP (Internet Protocol) address prefix and 

3 each destination address prefix in the destination address data structure comprises a 

4 destination IP address prefix. 

1 46. The data structure of claim 45, wherein the at least one transport level 

2 field comprises one of a protocol, a source port, and a destination port. 

1 47. The data structure of claim 39, wherein the primary table includes entries 

2 for a subset of all possible indicator filters. 
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1 48. An apparatus comprising: 

2 a processing device; 

3 a memory coupled with the processing device, the memory having a first data structure 

4 stored therein, the first data structure including 

5 a source address look-up data structure, the source address look-up data 

6 structure including a number of entries, each of the entries having a 

7 source prefix, a filter type, and an index, 

8 a destination address look-up data structure, the destination address look- 

9 up data structure including a number of entries, each of the entries 

1 0 having a destination prefix, a filter type, and an index, 

11 a primary table, the primary table including a number of entries, each of 

12 the entries having a key and at least one bin pointer, wherein each 

13 of the entries is associated with one of a fully specified filter, a 

14 fully specified filter intersection, and an indicator filter, and 

15 two secondary tables, each of the secondary tables including a number of 

16 entries, each of the entries having a key and at least one bin 

1 7 pointer, wherein each entry of each of the two secondary tables is 

1 8 associated with a partially specified filter. 
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1 49. The apparatus of claim 48, further comprising: 

2 a second memory coupled with the processing device, the second memory having a 

3 second data structure stored therein, the second data structure including a plurality 

4 of small bins, each small bin including a number of triplets, each triplet having at 

5 least one transport level field, an action, and a priority; 

6 wherein each of the bin pointers in the entries of the primary and secondary tables 

7 identifies one of the small bins of the second data structure. 

1 50. The apparatus of claim 49, wherein the second memory comprises a 

2 content addressable memory. 

1 51. The apparatus of claim 49, wherein the at least one transport level field 

2 comprises one of a protocol, a source port, and a destination port. 

1 52. The apparatus of claim 51, wherein the second data structure stored in the 

2 second memory includes at least one large bin, the large bin comprising a union of small 

3 bins associated with a filter intersection. 

1 53. The apparatus of claim 48, wherein the memory comprises at least one of 

2 a SRAM, DRAM, SDRAM, and a DDRDRAM. 



-67- 



Attorney Docket No. 42P 16527 
Express Mail No. EV3255269I8US 



1 54. The apparatus of claim 48, wherein the memory comprises part of the 

2 processing device. 

1 55. The apparatus of claim 48, wherein one of the secondary tables is 

2 associated with partially specified filters having a source address expanding an entire 

3 source address space, and the other of the two secondary tables is associated with 

4 partially specified filters having a destination address expanding an entire destination 

5 address space. 

1 56. The apparatus of claim 48, wherein the filter type in each of the source 



2 address and destination address look-up tables comprises one of a fully specified filter 

3 and a partially specified filter. 

1 57. The apparatus of claim 48, wherein the first data structure further 

2 comprises a wide filter table, the wide filter table including a number of entries, each of 

3 the entries having a key and at least one bin pointer, wherein each entry of the wide filter 

4 table is associated with one of a wide filter and an indicator filter. 

1 58. The apparatus of claim 57, wherein the filter type in each of the source 

2 address and destination address look-up data structures comprises one of a fully specified 

3 filter, a partially specified filter, and a wide filter. 
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1 59. The apparatus of claim 48, wherein each source address prefix in the 

2 source address look-up data structure comprises a source IP (Internet Protocol) address 

3 prefix and each destination address prefix in the destination address look-up data 

4 structure comprises a destination IP address prefix. 

1 60. The apparatus of claim 48, wherein the primary table includes entries for a 

2 subset of all possible indicator filters. 

1 61. An apparatus comprising: 

2 a content addressable memory (CAM), the CAM having stored therein a plurality of bins, 

3 each of the bins including a number of sets of fields; and 

4 a processing device coupled with CAM, the processing device capable of determining a 

5 result based upon the network path of the packet and identify, from the plurality 

6 of bins, at least one bin corresponding to the result, the CAM to search the at least 

7 one corresponding bin to identify a set of fields matching the packet. 

1 62. The apparatus of claim 61 , wherein the CAM returns an action associated 

2 with the set of matching fields, the processing device capable of executing the action. 

1 63. The apparatus of claim 6 1 , wherein the matching set of fields includes a 

2 transport level field. 
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1 64. The apparatus of claim 61, wherein the processing device, when 

2 determining the result, identifies a single most specific filter matching the packet. 

1 65. An article of manufacture comprising: 

2 a machine accessible medium providing content that, when accessed by a machine, 

3 causes the machine to 

4 determine a result based upon a network path of a received packet; 

5 identify, from a plurality of bins, at least one bin corresponding to the result, each 

6 of the plurality of bins including a number of sets of fields; and 

7 search the at least one corresponding bin to identify a set of fields matching the 

8 packet. 

1 66. The article of manufacture of claim 65, wherein the content, when 

2 accessed, further causes the machine to: 

3 identify an action associated with the set of matching fields; and 

4 apply the action to the packet. 

1 67. The article of manufacture of claim 65, wherein the set of matching fields 

2 includes a transport level field. 
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1 68. The article of manufacture of claim 65, wherein the content, when 

2 accessed, further causes the machine, when determining the result, to identify a single 

3 most specific filter matching the packet. 

1 69. The article of manufacture of claim 68, wherein the network path of the 

2 packet is expressed as a source address and a destination address. 

1 70. The article of manufacture of claim 69, wherein the content, when 

2 accessed, further causes the machine, when identifying the single most specific matching 

3 filter, to: 

4 perform a look-up in a first data structure to find an entry matching the source address of 

5 the packet; and 

6 perform a look-up in a second data structure to find an entry matching the destination 

7 address of the packet. 
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